Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: oinctelpro.com
I ran this command: sudo certbot -vvv certonly -d “oinctelpro.com” -d “*.oinctelpro.com” --agree-tos --manual-public-ip-logging-ok --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --debug-challenges
It produced this output: I lost the second TXT/CNAME string. Now it won’t show me the first one, but I have that in clipboard app.
My web server is (include version): gatling, haven’t gotten that far. acme-dns is on localhost to http with certbot.
The operating system my web server runs on is (include version): ubuntu 18 disco or the newer.
My hosting provider, if applicable, is: vultr.
I can login to a root shell on my machine (yes or no, or I don’t know): ssh yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no.
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot 0.31.0 with Ubuntu’s golang go which is almost newest, with github acme-dns.
yandex dns keeps butting in and blocking out my acme-dns, so I’ll have to put all my txt/cname records into yandex dns for the first round. I may have been as close as just not knowing I had to make two txt/cname _acme-challenge, for wildcard.
Even with acme-dns ns in registrar’s ns slot, yandex still manages to pig out. I tried putting an NS entry for acme-dns in yandex dns, but that never worked, even with sub-domain for auth/acme like many people do.
I can kludge through manual method, if I can see the two _acme-challenge keys again. I’m writing a bash hook to make the entries in yandex dns by api, if that works. I got it to list current state so I can grep that and go back to either edit, or add, the api calls for POST. First time I’ll probably just do it all manual though.
I can’t get certbot to show me those keys, so I’m going to try to get it to make new certs by adding a second domain and its wildcard to one cert. “certbot certificates” shows none and -vvv just prints the same json that’s on disk and I can’t make out the two txt/cname keys from that.